https://community.splunk.com/t5/Splunk-Enterprise/Splunk-UBA-Anomalies-and-Threats/m-p/702887#M20608 <P>Hi everyone,</P><P>I have started working in Splunk UBA recently, and have some questions:</P><OL><LI><STRONG>Anomalies:</STRONG><UL><LI>How long does it take to identify anomalies after receiving the logs usually?</LI><LI>Can I define anomaly rules?</LI><LI>Is there anywhere to explain the existing anomaly categories are based on what or will be looking for what in the traffic?</LI></UL></LI><LI><STRONG>Threats:</STRONG><UL><LI>How long does it take to trigger threats after identifying anomalies?</LI><LI>Is there any source I can rely on for creating threat rules? As I am creating rules and testing but with no results.</LI></UL></LI></OL> Sun, 27 Oct 2024 08:20:14 GMT dania_abujuma 2024-10-27T08:20:14Z https://community.splunk.com/t5/Splunk-Enterprise/Splunk-UBA-Anomalies-and-Threats/m-p/702887#M20608 <P>Hi everyone,</P><P>I have started working in Splunk UBA recently, and have some questions:</P><OL><LI><STRONG>Anomalies:</STRONG><UL><LI>How long does it take to identify anomalies after receiving the logs usually?</LI><LI>Can I define anomaly rules?</LI><LI>Is there anywhere to explain the existing anomaly categories are based on what or will be looking for what in the traffic?</LI></UL></LI><LI><STRONG>Threats:</STRONG><UL><LI>How long does it take to trigger threats after identifying anomalies?</LI><LI>Is there any source I can rely on for creating threat rules? As I am creating rules and testing but with no results.</LI></UL></LI></OL> Sun, 27 Oct 2024 08:20:14 GMT https://community.splunk.com/t5/Splunk-Enterprise/Splunk-UBA-Anomalies-and-Threats/m-p/702887#M20608 dania_abujuma 2024-10-27T08:20:14Z